Description
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
References (10)
Core 10
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1890.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/10/06/4
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201606-05
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1261889
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2766-1
Various Sources mailing-list
x_refsource_mlist
http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1889.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3371
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033753
Scores
CVSS v3
7.1
EPSS
0.0049
EPSS Percentile
38.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-119
Status
published
Products (16)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
debian/debian_linux
7.0
debian/debian_linux
8.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_desktop
7.0
redhat/enterprise_linux_hpc_node
6.0
redhat/enterprise_linux_hpc_node
7.0
redhat/enterprise_linux_hpc_node_eus
7.1
redhat/enterprise_linux_server
6.0
... and 6 more
Published
Jun 07, 2016
Tracked Since
Feb 18, 2026